a blog about technical topics I stumble upon

Tag Archives: Microsoft

So, we’ve all been there: a user is using his Mac with a local account. At some point IT needs to manage all computers and passwords, and thus this Mac, together with its user, needs to be Active Directory managed. But of course no setting, no file, nothing should change, because the user is king (and maybe the company’s boss, who hates being upset, and even a changed background or shortcut location upsets him…). Here’s how to do it:

Create a new local user with admin rights.

Log out of the existing user and log in as the new admin user.

Delete the user you want to migrate. When the system asks, don’t delete or archive the user folder, just leave it where it is.

In a terminal, issue the following command: “sudo mv /Users/oldusername /Users/newusername”, where newusername is the shortname of the AD user. This is critical!

If you have not already done so, bind the Mac to the AD.

Use “chown” in the terminal to change the owner of the user’s directory to the new domain user. Use the shortname; there is no need to write the FQDN of the AD.

Use “Directory Utility” to change the settings: check the box to create a “mobile account at login”, and check the second box, too.

Now log out, maybe reboot. (Sometimes it is needed, sometimes not, depending on how quickly the Mac gets the new AD binding.)

Log in using the new user’s shortname. It should ask for a mobile profile; create one!

One note: the new user is a standard user without administrative rights. If you need to give him/her or the administrator group admin rights, you can do this in “Directory Utility” as well. Single users won’t work; use groups like this: DOMAINNAME\groupname .
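
The rename and chown steps above as shell functions, added here as an example and not part of the original post: they refuse to move into an existing folder, re-own the whole tree, and then list anything still not owned by the new user, since files left on the deleted account's numeric UID would belong to whichever account is later given that UID. The function names and the migrate.sh file name are assumptions; oldusername and newusername are the post's placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Succeeds only for a plain shortname: not empty, not "." or "..", no "/".
valid_shortname() {
    case "$1" in
        ""|.|..|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# migrate_home <users_dir> <old_short> <new_short> <new_owner>
# Renames the home folder, then re-owns everything in it to <new_owner>.
migrate_home() {
    users_dir=$1 old=$2 new=$3 owner=$4
    valid_shortname "$old" && valid_shortname "$new" || {
        echo "refusing: bad shortname" >&2; return 2; }
    [ -d "$users_dir/$old" ] || {
        echo "no such home: $users_dir/$old" >&2; return 3; }
    # If the target already exists, mv would nest the old home inside it.
    [ ! -e "$users_dir/$new" ] || {
        echo "target exists: $users_dir/$new" >&2; return 4; }
    mv "$users_dir/$old" "$users_dir/$new" || return 5
    # -R without -H/-L does not traverse symlinks, so links that point
    # outside the home folder are not followed.
    chown -R "$owner" "$users_dir/$new" || return 6
}

# audit_home <home_dir> <owner>
# Prints every path NOT owned by <owner>; returns 1 if any are found.
audit_home() {
    leftovers=$(find "$1" ! -user "$2" -print)
    [ -z "$leftovers" ] && return 0
    printf '%s\n' "$leftovers"
    return 1
}

# On the Mac, as the temporary admin user, after the AD bind
# (migrate.sh is an assumed file name for this block):
#   sudo sh -c '. ./migrate.sh
#     migrate_home /Users oldusername newusername newusername &&
#     audit_home /Users/newusername newusername'
```

An empty result from audit_home means every file and folder in the home directory now belongs to the domain user.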

It just so happened that we had to restart our Exchange-Server (Exchange 2010, SP2).

After the reboot was completed, everything seemed to work like it was supposed to. But when I checked OWA later that day, I only got a blank page after login. What was happening?

After digging around the interwebs a little, I found that there was a service not running when in fact it should be. It is set to start on boot, but somehow did not. Simply start the ‘Microsoft Exchange Forms-Based Authentication service’, or in German ‘Formularbasierte Authentifizierung’.